Date:      Wed, 9 Feb 2022 11:38:43 -0700 (MST)
From:      Dale Scott <dalescott@shaw.ca>
To:        freebsd-questions@freebsd.org
Subject:   how to disable support for MD5 in ssh server
Message-ID:  <1764040332.569007319.1644431923007.JavaMail.zimbra@shaw.ca>


Hi all, I'm a security novice so I signed up with SecurityScorecard for a review.

My scorecard has 3 points subtracted because "The SSH server is configured to support MD5 algorithm." 

I've read through SSHD_CONFIG(5) and the Ciphers section doesn't include MD5 in defaults.

I also don't see MD5 listed in the response to:

# sshd -T | grep "\(ciphers\|macs\|kexalgorithms\)"

The only edit I have made to the default /etc/ssh/sshd_config was to disable password login (to allow ssh only).

What am I not understanding? Google hasn't been much help, although I expect I haven't been asking the right question.

Should I disable MD5 as recommended, and how?


% uname -a
FreeBSD starlord 13.0-RELEASE-p7 FreeBSD 13.0-RELEASE-p7 #0: Mon Jan 31 18:24:03 UTC 2022     root@amd64-builder.daemonology.net:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

Many thanks in advance,
Dale

P.S. 





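A stricter form of the `sshd -T` check described in the message, as an added example that is not part of the original post: it splits the comma-separated lists for the three directives the poster grepped and prints only the algorithm names containing "md5". The function name `find_md5_algs` is hypothetical and both sample inputs are constructed, not taken from the poster's host.

```shell
#!/bin/sh
# Added example: report MD5-based algorithm names in `sshd -T`-style output.

# find_md5_algs (hypothetical name): reads the effective sshd configuration
# on stdin and prints one "directive algorithm" line for every algorithm
# whose name contains "md5". No output means none were found.
find_md5_algs() {
    awk '
        # Same three directives as the grep in the message; each value
        # is a single comma-separated list of algorithm names.
        $1 ~ /^(ciphers|macs|kexalgorithms)$/ {
            n = split($2, algs, ",")
            for (i = 1; i <= n; i++)
                if (tolower(algs[i]) ~ /md5/)
                    print $1, algs[i]
        }
    '
}

# Constructed sample: a configuration with no MD5-based algorithms.
SAMPLE_CLEAN='port 22
ciphers chacha20-poly1305@openssh.com,aes128-ctr,aes256-gcm@openssh.com
macs umac-64-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-256
kexalgorithms curve25519-sha256,diffie-hellman-group14-sha256'

# Constructed sample: a configuration where MD5-based MACs were enabled.
SAMPLE_WEAK='port 22
ciphers aes128-ctr,aes256-ctr
macs hmac-sha2-256,hmac-md5,hmac-md5-96-etm@openssh.com
kexalgorithms curve25519-sha256'

# On a live host, run as root:  sshd -T | find_md5_algs
printf '%s\n' "$SAMPLE_CLEAN" | find_md5_algs
printf '%s\n' "$SAMPLE_WEAK"  | find_md5_algs
```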